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CERTIFICATE REQUEST 
FROM END USER 
RECEIVE D BY CA 

i 
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DATA FORWARDED TO TARGET HOST: 
•HOSTNAME 

• SUBJECT ID 

•SUBJECT PUBLIC KEY INFO 

• SEALED POP 
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. MATCH TARGET HOST ID TO HOST NAME 
. DECRYPT PASSWORD & KEY IDENTIFIER 

FROM SEALED POP 
• CALCULATE CORRECT KEY IDENTIFIER 
FROM SUBJECT PUBLIC KEY INFO & 
COMPARE TO KEY IDENTIFIER FROM 
SEALED POP 
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CREATE POP CONFIRMATION 
->SIGNED OBJECT CONTAINING 

•HOSTNAME 

. SUBJECT ID 

•SUBJECT PUBLIC KEY INFO 
->SENDTOCA 
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FIG. 3 



. SIGNED MESSAGE PLACED INTO 
HOST ID MAPPING EXTENSION 

• DIGITAL CERTIFICATE SIGNED BY CA 

• ISSUED TO USER 
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